No privacy violation to tell complainants that complaint resolved by taking “action”

On February 10th, Arbitrator Oakley dismissed a grievance that alleged a university had violated a professor’s privacy by advising students that it had taken “action” to address their complaint.

Forty-three students complained about a failure to conduct sufficient evaluation by the eighth week of the term as well as inconsistent grading. The Dean investigated and issued a written warning, both actions immediately grieved by the professor and their faculty association. The Dean then sent the following communication to the complainants:

Dear Concerned Students,

Thank you for your patience.

The complaints were reviewed with [G] and the Mount Allison Faculty Association and the University took action to ensure the issues raised were addressed. This action is the subject of a grievance under the relevant collective agreement and is scheduled for arbitration in November. Collective agreements are contracts between an employer and a union governing the relationships between unionized employees and their employer. I cannot disclose any further information until the grievance is resolved by agreement or through arbitration. Please be assured that the issues you raised have been taken seriously by the University and we thank you for raising your concerns.

The professor and faculty association grieved again, relying on provincial privacy legislation, the intrusion tort and a provision of the collective agreement that prohibited the university from disclosing information in the official file.

Arbitrator Oakley dismissed the privacy grievance. He was very careful to root the decision in the facts, stressing that the university did not imply that it had disciplined the grievor.

It is entirely appropriate for Arbitrator Oakley to be so reserved, but it ought to be said that complainants of all kinds have a strong interest in knowing how their complaints are resolved and ought not to be deprived of the basic facts pertaining to resolution, in my own view even if that includes facts about discipline imposed. Privacy is not absolute and does not preclude the meeting of valid competing interests.

Mount Allison Faculty Association v Mount Allison University, 2020 CanLII 33895 (NB LA).

Arbitrator declines to find a privacy violation for inquiry made of employee’s second employer

As the gig economy rises, work for more than one employer is becoming more common, and work across multiple employers has been common in the health care sector for some time. What, then, is an employer to do if its employee has taken sick leave but may be working for their other employer? Can the employer simply ask the other employer if the employee is at work?

There are some discipline cases in which unions have not challenged such questioning and others in which employers have asked for employee consent to make the inquiry. Last July, Arbitrator Brian Sheehan of Ontario entertained and dismissed what I believe to be the first privacy breach allegation on point, though he did so in quite a qualified manner.

The employer’s inquiry was apparently based on a mere suspicion. Mr. Sheehan explained, “For Ms. Valentin, the grievor’s relatively significant level of absenteeism, in addition to Ms. Valentin’s perception that there was a pattern of the grievor being absent from work on days before or after her scheduled days off was suspicious.”

To aggravate the situation, when the employer called the other workplace it received the information it was seeking plus some editorial – that the grievor’s “attitude stinks.”

Mr. Sheehan nonetheless declined to find a privacy breach. He said:

As to the Union’s privacy argument, factually, I do not find that claim  particularly compelling. Based on the Employer’s understanding of the facts as of September 2014, it had, in my view, a reasonable basis to investigate the grievor’s work history at Villa Leonardo.  The Union’s primary complaint was that the Employer should have initially sought to obtain the information from the grievor.  On this point, while as previously noted the grievor was fairly forthcoming with respect to her work history at Villa Leonardo, she was in fact mistaken as to her work history in relation to some of the days in question. At the same time, the Employer arguably should have followed the approach in the Province of Alberta, supra, case and sought the grievor’s consent to obtain the relevant documentation from Villa Leonardo.

At the end the day, however, the extent of the nature of the invasion of the grievor’s privacy relates to the Employer asking a third party the work history pertaining to the grievor. Seeking such information is definitively on the lower end of the spectrum of the privacy interests of an individual that warrant protection, and that interest is far removed from the surreptitious electronic surveillance that was in dispute in the cited Domain Forest Products, supra, and Ebco Metal Finishing Ltd., supra, cases. In this regard, any breach of the grievor’s privacy interest was, in my view, de minimis in nature; such that, I am not inclined to issue any sort of declaration or sanction.

This is best understood as a discouragement to employers, without an actual finding based on an application of the de minimis non curat lex principle: the law will not concern itself with trifles.

No arbitrator is bound to follow another arbitrator, but employers can take some comfort in this award. If they have a reason not to ask for consent (and are prepared to articulate it if challenged) they may decide to unilaterally seek information from another employer about whether an employee was or was not at work during a period of time. The risk of liability is low.

Toronto (City) v Canadian Union of Public Employees, Local 79, 2019 CanLII 78856 (ON LA).

Organization stumbles into BYOD nightmare

Hat tip to investigation firm Rubin Thomlinson for bringing an illustrative British Columbia arbitration decision to my attention. The remarkable April 2019 case involves an iPhone wiped by an employee’s wife mid-investigation!

The iPhone was owned by the employer, but it set it up using the employee’s personal Apple ID. That is not uncommon, but the employer apparently did not use any mobile device management software. To enforce its rights, the employer relied solely on its mobile device (administrative) policy, which disclaimed all employee privacy rights and stipulated that all data on employer devices is employer-owned.

Problems arose after the employer received a complaint that the employee was watching his female colleagues. The complainants said the employee “might also be taking pictures” with his phone.

The employer met with the employee to investigate, and took custody of the phone. The employee gave the employer the PIN to unlock the phone, but then asked for the phone back because it contained personal information. The employer excluded the employee and proceeded to examine the phone, but did not finish its examination before the employee’s wife (who the employee had phoned) remotely wiped the phone and refused to restore it with backup data.

The employer terminated the employee for watching the complainants (though not necessarily taking their pictures) and for insubordination.

The arbitrator held that the employer did not prove either voyeurism or insubordination. In doing so, he held that the employer had sufficient justification to search the phone but that it could not rely on its mobile device policy to justify excluding the employee from the examination process and demanding the recovery of the lost data. Somewhat charitably, the arbitrator held that the employee ought to be held “accountable for failing to make an adequate effort to encourage his wife to allow for recovery of the data” and reserved his decision on the appropriate penalty.

The employer took far too much comfort from its ownership of the device. Given the phone was enabled by the employee’s personal Apple ID, the employer was faced with all the awkwardness, compromise and risks of any BYOD arrangement. Those risks can be partially mitigated by the use of mobile device management software. Policy should also clearly authorize device searches that are to be conducted with a view to the (quite obvious) privacy interest at stake.

District of Houston v Canadian Union of Public Employees, Local 2086, 2019 CanLII 104260 (BC LA).

For Rubin Thomlinson’s more detailed summary of the case, please see here.

 

 

BC arbitrator admits surveillance that captures “sexual relations” in the office

Vernon Professional Firefighters’ Association I.A.F.F. LOCAL 1517 v Corporation of the City of Vernon is a well argued video surveillance case in which Arbitrator Dorsey held that a fire service properly employed video surveillance in response to a suspicion that documents had been taken from a filing cabinet in the (interim) Chief’s office. The surveillance captured two employees having “sexual relations,” an act for which they were terminated.

The Association’s theory was the decision to employ surveillance was a product of “paranoia and distrust” arising out of bad labour relations. The Employer argued the bad labour relations in its favour, ultimately convincing Mr. Dorsey that protecting its information was one concern, but determining who it believed had accessed the information without authorization was an equally legitimate objective in the context. It’s a decision that turns on its facts, though there are some other notable findings. Namely, Mr. Dorsey found that:

  • the installation of surveillance in this context was an  “indirect collection” of personal information under British Columbia’s public sector privacy legislation (para 79);
  • the standard for employing surveillance under public sector privacy legislation and a collective agreement ought to be the same (para 239);
  • having a meeting with staff about the the terminations was a legitimate means of addressing rumors and speculation about the terminations and did not invite a further breach of privacy as alleged (para 93).

Arbitrator Dorsey does suggest, problematically in my view, that surveillance evidence ought to be excluded if collected via “an unjustified employer invasion of employees’ privacy rights.” Like many arbitrators, Arbitrator Dorsey frames the power to exclude evidence as discretionary but links the exclusion analysis to one factor above all others – justification. If the exclusion analysis is to be undertaken reasonably, it must encompass “all relevant factors,” including the impact of any exclusion decision on the administration of (administrative) justice and ongoing labour relations.

Vernon Professional Firefighters’ Association I.A.F.F. LOCAL 1517 v Corporation of the City of Vernon, 2018 CanLII 111669 (BC LA).

GSB finds PHIPA doesn’t govern occupational health information

Neither public nor private sector employees in Ontario have statutory privacy rights. This has been lamented by the IPC itself.

Ontario unions, however, often rely on the Ontario privacy statutes – FIPPA and PHIPA – to forward privacy grievances. This reliance is unnecessary given arbitrators recognize implicit privacy rights, and has caused the jurisprudence to become incredibly muddled. The worst case is the Divisional Court’s Hooper decision, a (non-labour) case that the IPC has effectively said is wrongly decided. I agree. Hooper needs to be challenged and decisively overruled.

In the interim, we’ll have litigation like that in a recent case decided by the GSB. It’s hard to distinguish Hooper, but Arbitrator Dissanyake distinguished Hooper as follows:

It is apparent, therefore, that in each of those cases, the employer was found to be providing some form of health care to its employees. For that purpose it was held that “health care” is not limited to making a diagnosis. It was broader. There is no evidence that the employer in the instant matter provides any health care to its employees even in the broader sense. It does collect some types of health information related to employees, but the purpose is not in any way related to provision of health care. The purpose is to deal with workplace implications of employees’ health issues on the rights and obligations under the collective agreement and legislation.

I suppose the practical lesson for employers is to be very clear about the purpose of the occupational health function, saying things like this:

  • This white coat you are dealing with is a specialist that is part of our human resources team.
  • This is about assessing you to meet our human resources needs, not helping you get better.
  • Sure we’ll keep your information secure and treat it as confidential, but we’ll also use it for all our occupational health purposes, providing our employees and agents with access in accordance with the “need to know” principle.
  • Please understand. Your personal physician is your source of health care.

Tell your employees. Tell your occupational health staff. Say it loud. Say it proud.

Ontario Public Service Employees Union (Union) v Ontario (Treasury Board Secretariat), 2018 CanLII 55851 (ON GSB).

Arbitrator upholds driving safety system with in-cab cameras

On May 24th, Arbitrator Saunders of British Columbia affirmed an employer’s implementation of a driving safety system that featured an in-cab camera that recorded continuously, with access to feed limited to certain defined “triggering events” and reasonable cause scenarios.

There’s a good discussion of “sensitivity” and whether Irving Pulp and Paper requires employers to prove a “demonstrated safety problem” to justify the use of any exercise of management rights that touches upon a reasonable expectation of privacy. Arbitrator Saunders said it does not:

I read the Court’s endorsement of Arbitrator Picher’s award in Nanticoke, to reflect an underlying concern about the extreme privacy intrusion occasioned by random drug and alcohol testing. On that basis, it was concluded that an intrusion amounting to “a loss of liberty and personal autonomy” can only be justified by negotiated provisions or by a compelling countervailing interest, such as a demonstrated problem that cannot be adequately addressed by less invasive means. A corresponding level of intrusion is not present on the facts of the present case.

Accordingly, I do not find that Irving posits a dangerous workplace and a demonstrated safety problem as prerequisites in all cases safety is invoked to justify privacy intrusions, much less the intrusion imposed by overt video surveillance. Rather, the existence of safety infractions or the risk of accidents, remain to be factored in the proportionality assessment—the more serious the intrusion, the more compelling the justification required.

Arbitrator Saunders then affirmed the employer’s implementation based, in part, on a finding that the employer’s utilization of employee images was “confined to intermittent safety-related events and is only viewed to advance legitimate incident-based objectives.”

Lafarge Canada Inc. v Teamsters, Local Union No. 213, 2018 CanLII 69607 (BC LA).

BC arbitrator endorses non-consensual sharing of personal information with union

On March 8th of this year, arbitrator Kinzie held that an employer did not breach the British Columbia PIPA by disclosing amounts earned by bargaining unit members to their certified bargaining agent. He made the following principled statement about when the exception to the PIPA consent rule would be engaged by disclosures by an employer to bargaining agent:

As the party to the collective agreement with the Employer, which agreement governs the terms and conditions of employment of the Employer’s employees, the Union, in my view, is an equal partner with the Employer to those employment relationships.  They have the same legitimate interest in the management of those relationships.  Therefore, I am of the view that the disclosure of employee personal information by the Employer to the Union regarding employees in the Union’s bargaining unit that is relevant to a matter concerning the interpretation and/or the application of the collective agreement would not violate Section 19 of the Personal Information Protection Act if their consent was not obtained because such disclosure, in my view, would be “reasonable” for the purposes of “managing” an employment relationship governed by the terms of that agreement.

Notably, the employer had called the BC OIPC for advice and was apparently told “definitely NOT [to] turn that info over to anybody.”

Comox Valley Distribution Ltd. v United Steelworkers, Local 1-1937, 2017 CanLII 72391 (BC LA).

Jones, Marakah and corporate information systems

There has been significant discussion of the Supreme Court of Canada’s decisions in R v Jones and R v Marakah – cases in which the Court recognized a reasonable expectation of privacy in text messages that police obtained from others. In Jones, the police obtained messages from a telecom company and in Marakah the police obtained messages from a recipient’s phone.

At their broadest, Jones and Marakah are clearer than ever recognition that the Charter protects digital communications although digital communications are not easily controlled or kept secret. Justice Cote said it well in Jones:

Here, as in Spencer and TELUS, the only way to retain control over the subject matter of the search vis-à-vis the service provider was to make no use of its services at all. That choice is not a meaningful one. Focusing on the fact that Mr. Jones relinquished direct control vis-à-vis the service provider is accordingly difficult to reconcile with a purposive approach to s. 8. Canadians are not required to become digital recluses in order to maintain some semblance of privacy in their lives.

 

Recognizing this particular, highly-normative basis for Jones and Marakah is essential to properly understanding what these cases might mean for rights and entitlements of organizations that hold the digital information of others – including employers who hold the digital information of their employees. In contrast to the above statement, the Supreme Court of Canada has already recognized that employees have a meaningful choice as to whether they use a work system for their private dealings . In R v Cole, Justice Fish said the following about employee Cole’s choice:

In this case, the operational realities of Mr. Cole’s workplace weigh both for and against the existence of a reasonable expectation of privacy.  For, because written policy and actual practice permitted Mr. Cole to use his work-issued laptop for personal purposes.  Against, because both policy and technological reality deprived him of exclusive control over — and access to — the personal information he chose to record on it.

Jones and Marakah do not detract from this statement and, if anything, invite the law to develop in a way that gives even greater emphasis to employee choice and its impact on privacy and corporate data security. Corporate data security is all about choosing the right medium – the right tool – for the purpose. Our right as citizens to text without state interference is quite a different thing.

R. v. Jones, 2017 SCC 60 (CanLII).

R. v. Marakah, 2017 SCC 59 (CanLII).

Arbitrator orders $3,000 in privacy damages

On April 27th, Arbitrator Knopf ordered that $3,000 in damages be paid to a grievor for breach of privacy and harassment because:

  • the grievor’s personnel file contained an inexplicable notation that the grievor advised his supervisor that he injured his penis while cooking nude at home; and
  • the employer contacted the grievor’s doctor to confirm the doctor’s signature without justification and without consent.

Ms. Knopf said that these claims were “serious enough to warrant damages, buy they were not profoundly damaging to [the grievor’s] reputation or harmful to his privacy, nor did they have a negative impact on his benefit claims, status in the workplace or reputation in general.”

York (Regional Municipality) v Canadian Union of Public Employees, Local 905, 2017 CanLII 56454 (ON LA).

Consent form decision imposes strict transparency requirement for handling employee medical information

Disputes about employer medical information consent forms are now common. It’s not hard to pick apart a form, and employers tend to suffer “cuts and bruises.” In once such case an arbitrator has recently held that an employer must identify “anyone with whom the information would be shared” in a consent form. The arbitrator also held that an employer must subsequently (and seemingly proactively) give notice of who is handling information:

I agree with the employer that it is not practical to obtain a new consent every time a manager or HR Specialist who is absent is temporarily replaced. However, the employer must advise the employee of the employer’s need and intention to share health information with a replacement and identify that individual by name and title. This would enable the employee to revoke the consent if he/she does not wish the health information to be shared with the individual replacing the manager or HR Specialist. If and when it becomes necessary to share health information with HR or legal services in order to seek advice, or to obtain approval from senior management with delegated authority, the employee should be informed of the title or office only of the person with whom information will be shared. The employee’s consent would not be required for the employer to be able to do so.

While there’s no debating an employee’s right of control, the degree of transparency required here is very high and operationally challenging in the least. “Person-based consents” (as opposed to “purpose-based consents”) can also restrict important flows of information in subtle yet problematic ways.

The best argument against person-based consents is one that refers to the public policy that is reflected in the Personal Health Information and Protection Act (which does not govern employers acting as employers except via section 49). Even in the health care context – where the standard should be higher, not lower than in the employment context given the limited range of information processed by employers – consent is deemed to exist for a certain purpose and information can flow to any health care provider for that purpose. This is subject to a “lock box” that gives patients the ability to shield their information from specific individuals, but the lock box essentially functions as an opt out. (For the nuances of how PHIPA’s “circle of care” concept works, see here.) Transparency is satisfied by the publication of a “written public statement” (a policy really) that “provides a general description of the custodian’s information practices.” There’s no reason to require more of employers.

OPSEU and Ontario (Treasury Board Secretariat), Re, 2017 CarswellOnt 11994.